From 781573b9dd393aa4d2d7e34a1fa8d831441b545b Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 17:04:16 +0100 Subject: [PATCH 01/24] k Zpubkeys: makefu* -> 3modules --- krebs/3modules/makefu/default.nix | 16 ++++++++++++++-- krebs/Zpubkeys/exco.ssh.pub | 1 - krebs/Zpubkeys/makefu_arch.ssh.pub | 1 - krebs/Zpubkeys/makefu_omo.ssh.pub | 1 - krebs/Zpubkeys/makefu_tsp.ssh.pub | 1 - 5 files changed, 14 insertions(+), 6 deletions(-) delete mode 100644 krebs/Zpubkeys/exco.ssh.pub delete mode 100644 krebs/Zpubkeys/makefu_arch.ssh.pub delete mode 100644 krebs/Zpubkeys/makefu_omo.ssh.pub delete mode 100644 krebs/Zpubkeys/makefu_tsp.ssh.pub diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 037abbdfd..5a128a28f 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -277,10 +277,22 @@ with lib; }; }; }; - users = addNames { + users = addNames rec { makefu = { mail = "makefu@pornocauster.retiolum"; - pubkey = readFile ../../Zpubkeys/makefu_arch.ssh.pub; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; + }; + makefu_omo = { + inherit (makefu) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; + }; + makefu_tsp = { + inherit (makefu) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; + }; + exco = { + mail = "dickbutt@excogitation.de"; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de"; }; }; } diff --git a/krebs/Zpubkeys/exco.ssh.pub b/krebs/Zpubkeys/exco.ssh.pub deleted file mode 100644 index e2afcf3fb..000000000 --- a/krebs/Zpubkeys/exco.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== christian.stoeveken@gmail.com diff --git a/krebs/Zpubkeys/makefu_arch.ssh.pub b/krebs/Zpubkeys/makefu_arch.ssh.pub deleted file mode 100644 index 6092ec469..000000000 --- a/krebs/Zpubkeys/makefu_arch.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster diff --git a/krebs/Zpubkeys/makefu_omo.ssh.pub b/krebs/Zpubkeys/makefu_omo.ssh.pub deleted file mode 100644 index 5567040fb..000000000 --- a/krebs/Zpubkeys/makefu_omo.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch diff --git a/krebs/Zpubkeys/makefu_tsp.ssh.pub b/krebs/Zpubkeys/makefu_tsp.ssh.pub deleted file mode 100644 index 9a9c9b6f8..000000000 --- a/krebs/Zpubkeys/makefu_tsp.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp From 9bc0c474ace8e1bcccb5301a1726ed75a6241bff Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 17:12:51 +0100 Subject: [PATCH 02/24] m 2 Reaktor: add full profile --- krebs/3modules/makefu/default.nix | 8 ++++++-- krebs/Zpubkeys/makefu_vbob.ssh.pub | 1 - makefu/2configs/Reaktor/full.nix | 18 ++++++++++++++++++ makefu/2configs/git/cgit-retiolum.nix | 20 -------------------- 4 files changed, 24 insertions(+), 23 deletions(-) delete mode 100644 krebs/Zpubkeys/makefu_vbob.ssh.pub create mode 100644 makefu/2configs/Reaktor/full.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index d9cb83aaf..14cafd3ed 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -307,14 +307,18 @@ with lib; mail = "makefu@pornocauster.retiolum"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb makefu@pornocauster"; }; - makefu_omo = { + makefu-omo = { inherit (makefu) mail; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtDhAxjiCH0SmTGNDqmlKPug9qTf+IFOVjdXfk01lAV2KMVW00CgNo2d5kl5+6pM99K7zZO7Uo7pmSFLSCAg8J6cMRI3v5OxFsnQfcJ9TeGLZt/ua7F8YsyIIr5wtqKtFbujqve31q9xJMypEpiX4np3nLiHfYwcWu7AFAUY8UHcCNl4JXm6hsmPe+9f6Mg2jICOdkfMMn0LtW+iq1KZpw1Nka2YUSiE2YuUtV+V+YaVMzdcjknkVkZNqcVk6tbJ1ZyZKM+bFEnE4VkHJYDABZfELpcgBAszfWrVG0QpEFjVCUq5atpIVHJcWWDx072r0zgdTPcBuzsHHC5PRfVBLEw== makefu@servarch"; }; - makefu_tsp = { + makefu-tsp = { inherit (makefu) mail; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1srWa67fcsw3r64eqgIuHbMbrj6Ywd9AwzCM+2dfXqYQZblchzH4Q4oydjdFOnV9LaA1LfNcWEjV/gVQKA2/xLSyXSDwzTxQDyOAZaqseKVg1F0a7wAF20+LiegQj6KXE29wcTW1RjcPncmagTBv5/vYbo1eDLKZjwGpEnG0+s+TRftrAhrgtbsuwR1GWWYACxk1CbxbcV+nIZ1RF9E1Fngbl4C4WjXDvsASi8s24utCd/XxgKwKcSFv7EWNfXlNzlETdTqyNVdhA7anc3N7d/TGrQuzCdtrvBFq4WbD3IRhSk79PXaB3L6xJ7LS8DyOSzfPyiJPK65Zw5s4BC07Z makefu@tsp"; }; + makefu-vbob = { + inherit (makefu) mail; + pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@vbob"; + }; exco = { mail = "dickbutt@excogitation.de"; pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7HCK+TzelJp7atCbvCbvZZnXFr3cE35ioactgpIJL7BOyQM6lJ/7y24WbbrstClTuV7n0rWolDgfjx/8kVQExP3HXEAgCwV6tIcX/Ep84EXSok7QguN0ozZMCwX9CYXOEyLmqpe2KAx3ggXDyyDUr2mWs04J95CFjiR/YgOhIfM4+gVBxGtLSTyegyR3Fk7O0KFwYDjBRLi7a5TIub3UYuOvw3Dxo7bUkdhtf38Kff8LEK8PKtIku/AyDlwZ0mZT4Z7gnihSG2ezR5mLD6QXVuGhG6gW/gsqfPVRF4aZbrtJWZCp2G21wBRafpEZJ8KFHtR18JNcvsuWA1HJmFOj2K0mAY5hBvzCbXGhSzBtcGxKOmTBDTRlZ7FIFgukP/ckSgDduydFUpsv07ZRj+qY07zKp3Nhh3RuN7ZcveCo2WpaAzTuWCMPB0BMhEQvsO8I/p5YtTaw2T1poOPorBbURQwEgNrZ92kB1lL5t1t1ZB4oNeDJX5fddKLkgnLqQZWOZBTKtoq0EAVXojTDLZaA+5z20h8DU7sicDQ/VG4LWtqm9fh8iDpvt/3IHUn/HJEEnlfE1Gd+F2Q+R80yu4e1PClmuzfWjCtkPc4aY7oDxfcJqyeuRW6husAufPqNs31W6X9qXwoaBh9vRQ1erZUo46iicxbzujXIy/Hwg67X8dw== dickbutt@excogitation.de"; diff --git a/krebs/Zpubkeys/makefu_vbob.ssh.pub b/krebs/Zpubkeys/makefu_vbob.ssh.pub deleted file mode 100644 index e5063aeb5..000000000 --- a/krebs/Zpubkeys/makefu_vbob.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiKvLKaRQPL/Y/4EWx3rNhrY5YGKK4AeqDOFTLgJ7djwJnMo7FP+OIH/4pFxS6Ri2TZwS9QsR3hsycA4n8Z15jXAOXuK52kP65Ei3lLyz9mF+/s1mJsV0Ui/UKF3jE7PEAVky7zXuyYirJpMK8LhXydpFvH95aGrL1Dk30R9/vNkE9rc1XylBfNpT0X0GXmldI+r5OPOtiKLA5BHJdlV8qDYhQsU2fH8S0tmAHF/ir2bh7+PtLE2hmRT+b8I7y1ZagkJsC0sn9GT1AS8ys5s65V2xTTIfQO1zQ4sUH0LczuRuY8MLaO33GAzhyoSQdbdRAmwZQpY/JRJ3C/UROgHYt makefu@nixos diff --git a/makefu/2configs/Reaktor/full.nix b/makefu/2configs/Reaktor/full.nix new file mode 100644 index 000000000..50620890f --- /dev/null +++ b/makefu/2configs/Reaktor/full.nix @@ -0,0 +1,18 @@ +_: +{ + # implementation of the complete Reaktor bot + imports = [ + #./stockholmLentil.nix + ./simpleExtend.nix + ./random-emoji.nix + ./titlebot.nix + ./shack-correct.nix + ./sed-plugin.nix + ]; + krebs.Reaktor.nickname = "Reaktor|bot"; + krebs.Reaktor.enable = true; + + krebs.Reaktor.extraEnviron = { + REAKTOR_CHANNELS = "#krebs,#binaergewitter,#shackspace"; + }; +} diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 68fd976d6..35bb169cf 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -80,26 +80,6 @@ let }; in { - imports = [{ - krebs.users = { - makefu-omo = { - name = "makefu-omo" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_omo.ssh.pub; - }; - makefu-vbob = { - name = "makefu-vbob" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_vbob.ssh.pub; - }; - makefu-tsp = { - name = "makefu-tsp" ; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/makefu_tsp.ssh.pub; - }; - exco = { - name = "exco"; - pubkey= with builtins; readFile ../../../krebs/Zpubkeys/exco.ssh.pub; - }; - }; - }]; krebs.git = { enable = true; root-title = "public repositories"; From b3cb94ef818f4aa966d53fc0be927435156eab5a Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 17:43:08 +0100 Subject: [PATCH 03/24] k 5 forticlientsslvpn: init --- krebs/5pkgs/fortclientsslvpn/default.nix | 87 ++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 krebs/5pkgs/fortclientsslvpn/default.nix diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix new file mode 100644 index 000000000..720d4004f --- /dev/null +++ b/krebs/5pkgs/fortclientsslvpn/default.nix @@ -0,0 +1,87 @@ +{ stdenv, lib, fetchurl, gtk, glib, libSM, gdk_pixbuf, libX11, libXinerama, iproute, + makeWrapper, libredirect, ppp, coreutils, gawk, pango }: +stdenv.mkDerivation rec { + name = "forticlientsslvpn"; + # forticlient will be copied into /tmp before execution. this is necessary as + # the software demands $base to be writeable + + src = fetchurl { + # archive.org mirror: + # https://archive.org/download/ForticlientsslvpnLinux4.4.23171.tar/forticlientsslvpn_linux_4.4.2317.tar.gz + url = http://www.zen.co.uk/userfiles/knowledgebase/FortigateSSLVPNClient/forticlientsslvpn_linux_4.4.2317.tar.gz; + sha256 = "19clnf9rgrnwazlpah8zz5kvz6kc8lxawrgmksx25k5ywflmbcrr"; + }; + phases = [ "unpackPhase" "buildPhase" "installPhase" "fixupPhase" ]; + + buildInputs = [ makeWrapper ]; + + binPath = lib.makeSearchPath "bin" [ + coreutils + gawk + ]; + + + libPath = lib.makeLibraryPath [ + stdenv.cc.cc + ]; + + guiLibPath = lib.makeLibraryPath [ + gtk + glib + libSM + gdk_pixbuf + libX11 + libXinerama + pango + ]; + + buildPhase = '' + # TODO: 32bit, use the 32bit folder + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + --set-rpath "$libPath" \ + 64bit/forticlientsslvpn_cli + + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + --set-rpath "$libPath:$guiLibPath" \ + 64bit/forticlientsslvpn + + patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ + --set-rpath "$libPath" \ + 64bit/helper/subproc + + sed -i 's#\(export PATH=\).*#\1"${binPath}"#' 64bit/helper/waitppp.sh + ''; + + installPhase = '' + mkdir -p "$out/opt/fortinet" + + cp -r 64bit/. "$out/opt/fortinet" + wrapProgram $out/opt/fortinet/forticlientsslvpn \ + --set LD_PRELOAD "${libredirect}/lib/libredirect.so" \ + --set NIX_REDIRECTS /usr/sbin/ip=${iproute}/bin/ip:/usr/sbin/ppp=${ppp}/bin/ppp + + mkdir -p "$out/bin/" + + cat > $out/bin/forticlientsslvpn < Date: Mon, 14 Dec 2015 17:56:50 +0100 Subject: [PATCH 04/24] m 1 vbob: allow to deploy self --- makefu/1systems/vbob.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 4d8e8ced1..b121a730a 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -1,7 +1,7 @@ # # # -{ config, pkgs, ... }: +{ lib, config, pkgs, ... }: { krebs.build.host = config.krebs.hosts.vbob; @@ -12,13 +12,21 @@ ../2configs/main-laptop.nix #< base-gui # environment + ../2configs/zsh-user.nix ../2configs/virtualization.nix ]; + + # allow vbob to deploy self + users.extraUsers = { + root = { + openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; + }; + }; nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; environment.systemPackages = with pkgs;[ get - ]; + ]; networking.firewall.allowedTCPPorts = [ 25 From 55ad05879b8ba97e369bfd72810028dd4622e356 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 14 Dec 2015 19:36:06 +0100 Subject: [PATCH 05/24] s 1 wolf: initial preparation of ci packaging --- makefu/2configs/nginx/euer.test.nix | 26 ++++++++++++++++++++++++++ shared/1systems/wolf.nix | 3 ++- shared/2configs/cac-ci.nix | 11 +++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/nginx/euer.test.nix create mode 100644 shared/2configs/cac-ci.nix diff --git a/makefu/2configs/nginx/euer.test.nix b/makefu/2configs/nginx/euer.test.nix new file mode 100644 index 000000000..ffdc0bc60 --- /dev/null +++ b/makefu/2configs/nginx/euer.test.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; +in { + krebs.nginx = { + enable = mkDefault true; + servers = { + euer-share = { + listen = [ ]; + server-names = [ "share.euer.krebsco.de" ]; + locations = singleton (nameValuePair "/" '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:8000/; + ''); + }; + }; + }; +} diff --git a/shared/1systems/wolf.nix b/shared/1systems/wolf.nix index 8c5295bb3..a3e527a3b 100644 --- a/shared/1systems/wolf.nix +++ b/shared/1systems/wolf.nix @@ -11,6 +11,7 @@ in ../2configs/collectd-base.nix ../2configs/shack-nix-cacher.nix ../2configs/shack-drivedroid.nix + ../2configs/cac-ci.nix ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) @@ -24,7 +25,7 @@ in }]; defaultGateway = "10.42.0.1"; - nameservers = [ "8.8.8.8" ]; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; }; ##################### diff --git a/shared/2configs/cac-ci.nix b/shared/2configs/cac-ci.nix new file mode 100644 index 000000000..06cce2746 --- /dev/null +++ b/shared/2configs/cac-ci.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + environment.systemPackages = with pkgs;[ + get + cac + cacpanel + jq + ]; +} From b5eafa4c03e9f7059e30ec137c5b0bbe6e47e3a7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 12:44:41 +0100 Subject: [PATCH 06/24] k 3 makefu: gum provides cgit.gum --- krebs/3modules/makefu/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 14cafd3ed..3d1ac6cfb 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -273,6 +273,7 @@ with lib; mattermost.euer IN A ${head nets.internet.addrs4} git.euer IN A ${head nets.internet.addrs4} gum IN A ${head nets.internet.addrs4} + cgit.euer IN A ${head nets.internet.addrs4} ''; }; nets = { @@ -287,6 +288,7 @@ with lib; addrs6 = ["42:f9f0:0000:0000:0000:0000:0000:70d2"]; aliases = [ "gum.retiolum" + "cgit.gum.retiolum" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- From d4792eb7231acf5bf66409adb4e777433998678b Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 15:33:34 +0100 Subject: [PATCH 07/24] prepare zshrc, makes ~/.zshrc obsolete --- makefu/2configs/zsh-user.nix | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 3089b706a..266ce256a 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -5,6 +5,36 @@ let mainUser = config.krebs.build.user.name; in { - programs.zsh.enable = true; users.extraUsers.${mainUser}.shell = "/run/current-system/sw/bin/zsh"; + programs.zsh= { + enable = true; + interactiveShellInit = '' + HISTSIZE=900001 + HISTFILESIZE=$HISTSIZE + SAVEHIST=$HISTSIZE + + setopt HIST_IGNORE_ALL_DUPS + setopt HIST_IGNORE_SPACE + setopt HIST_FIND_NO_DUPS + bindkey -e + # shift-tab + bindkey '^[[Z' reverse-menu-complete + + autoload -U compinit && compinit + zstyle ':completion:*' menu select + ''; + + promptInit = '' + RPROMPT="" + autoload colors && colors + case $UID in + 0) PROMPT="%{$fg[red]%}%~%{$reset_color%} " ;; + 9001) PROMPT="%{$fg[green]%}%~%{$reset_color%} " ;; + *) PROMPT="%{$fg[yellow]%}%n %{$fg[green]%}%~%{$reset_color%} " ;; + esac + if test -n "$SSH_CLIENT"; then + PROMPT="%{$fg[magenta]%}%m $PROMPT" + fi + ''; + }; } From 3371d54618aa017be77e2494c1cf82331152f3b7 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 18:43:40 +0100 Subject: [PATCH 08/24] m 3 buildbot: master init --- makefu/3modules/buildbot/master.nix | 179 ++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) create mode 100644 makefu/3modules/buildbot/master.nix diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix new file mode 100644 index 000000000..310b8460d --- /dev/null +++ b/makefu/3modules/buildbot/master.nix @@ -0,0 +1,179 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + buildbot = pkgs.buildbot; + buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' + # -*- python -*- + from buildbot.plugins import * + + c = BuildmasterConfig = {} + + c['slaves'] = [] + # TODO: template potential buildslaves + # TODO: set password? + for i in [ 'testslave' ]: + c['slaves'].append(buildslave.BuildSlave(i, "krebspass")) + + c['protocols'] = {'pb': {'port': 9989}} + + ####### Build Inputs + stockholm_repo = 'http://cgit.gum/stockholm' + c['change_source'] = [] + c['change_source'].append(changes.GitPoller( + stockholm_repo, + workdir='stockholm-poller', branch='master', + project='stockholm', + pollinterval=300)) + + ####### Build Scheduler + # TODO: configure scheduler + important_files = util.ChangeFilter( + project_re="^((krebs|share)/.*|Makefile|default.nix)", + branch='master') + c['schedulers'] = [] + c['schedulers'].append(schedulers.SingleBranchScheduler( + name="all-important-files", + change_filter=important_files, + # 3 minutes stable tree + treeStableTimer=3*60, + builderNames=["runtests"])) + c['schedulers'].append(schedulers.ForceScheduler( + name="force", + builderNames=["runtests"])) + ###### The actual build + factory = util.BuildFactory() + factory.addStep(steps.Git(repourl=stockholm_repo, mode='incremental')) + + deps = [ "gnumake", "jq" ] + factory.addStep(steps.ShellCommand(command=["nix-shell", "-p" ] + deps )) + factory.addStep(steps.ShellCommand(env={"LOGNAME": "shared"}, + command=["make", "get=krebs.deploy", + "system=test-centos7"])) + + # TODO: different Builders? + c['builders'] = [] + c['builders'].append( + util.BuilderConfig(name="runtests", + # TODO: only some slaves being used in builder? + slavenames=c['slaves'], + factory=factory)) + + ####### Status of Builds + c['status'] = [] + + from buildbot.status import html + from buildbot.status.web import authz, auth + # TODO: configure if http is wanted + authz_cfg=authz.Authz( + # TODO: configure user/pw + auth=auth.BasicAuth([("krebs","bob")]), + gracefulShutdown = False, + forceBuild = 'auth', + forceAllBuilds = 'auth', + pingBuilder = False, + stopBuild = False, + stopAllBuilds = False, + cancelPendingBuild = False, + ) + # TODO: configure nginx + c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg)) + + from buildbot.status import words + # TODO: configure IRC Bot + irc = words.IRC("irc.freenode.net", "krebsbuild", + channels=["krebs"], + notify_events={ + 'sucess': 1, + 'failure': 1, + 'exception': 1, + 'successToFailure': 1, + 'failureToSuccess': 1, + },allowForce=True) + c['status'].append(irc) + + ####### PROJECT IDENTITY + c['title'] = "Stockholm" + c['titleURL'] = "http://krebsco.de" + + c['buildbotURL'] = "http://buildbot.krebsco.de/" + + ####### DB URL + c['db'] = { + 'db_url' : "sqlite:///state.sqlite", + } + ${cfg.extraConfig} + ''; + + cfg = config.makefu.buildbot.master; + + api = { + enable = mkEnableOption "Buildbot Master"; + + workDir = mkOption { + default = "/var/lib/buildbot/master"; + type = types.str; + description = '' + Path to build bot master directory. + Will be created on startup. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + extra config appended to the generated master.cfg + ''; + }; + }; + + imp = { + + users.extraUsers.buildbotMaster = { + uid = 672626386; #genid buildbotMaster + description = "Buildbot Master"; + home = cfg.workDir; + createHome = false; + }; + + users.extraGroups.buildbotMaster = { + gid = 672626386; + }; + + systemd.services.buildbotMaster = { + description = "Buildbot Master"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + PermissionsStartOnly = true; + # TODO: maybe also prepare buildbot.tac? + ExecStartPre = pkgs.writeScript "buildbot-master-init" '' + #!/bin/sh + set -efux + workdir=${lib.shell.escape cfg.workDir} + if [ ! -e $workdir ];then + mkdir -p $workdir + ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir + chown buildbotMaster:buildbotMaster $workdir + fi + # always override the master.cfg + cp ${toString buildbot-master-config} "$workdir/master.cfg" + # sanity + ${buildbot}/bin/buildbot checkconfig $workdir + # upgrade + ${buildbot}/bin/buildbot upgrade-master $workdir + ''; + ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}"; + PrivateTmp = "true"; + User = "buildbotMaster"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +in +{ + options.makefu.buildbot.master = api; + config = mkIf cfg.enable imp; +} From cf5a1ba6bcf657396bc6b8c2fbc32143d27849d0 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 21:18:29 +0100 Subject: [PATCH 09/24] m 1 pornocauster: use latest buildbot for stable build --- makefu/1systems/pornocauster.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 977289470..6f176b7fa 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -36,11 +36,17 @@ # ../2configs/mediawiki.nix #../2configs/wordpress.nix ]; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + buildbot = let + pkgs1509 = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; + in pkgs1509.buildbot; + }; + makefu.buildbot.master.enable = true; + #krebs.Reaktor.enable = true; #krebs.Reaktor.nickname = "makefu|r"; - - krebs.build.host = config.krebs.hosts.pornocauster; + # nix.binaryCaches = [ "http://acng.shack/nixos" "https://cache.nixos.org" ]; environment.systemPackages = with pkgs;[ get @@ -58,4 +64,5 @@ 25 ]; + krebs.build.host = config.krebs.hosts.pornocauster; } From a907f926c120f10945c47cdaba7405fe08cfd9ee Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 15 Dec 2015 22:25:46 +0100 Subject: [PATCH 10/24] m 3 buildbot: first working commit for buildbot master --- makefu/3modules/buildbot/master.nix | 37 ++++++++++++++++++----------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index 310b8460d..d8e917a21 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix @@ -12,7 +12,8 @@ let c['slaves'] = [] # TODO: template potential buildslaves # TODO: set password? - for i in [ 'testslave' ]: + slavenames= [ 'testslave' ] + for i in slavenames: c['slaves'].append(buildslave.BuildSlave(i, "krebspass")) c['protocols'] = {'pb': {'port': 9989}} @@ -56,7 +57,7 @@ let c['builders'].append( util.BuilderConfig(name="runtests", # TODO: only some slaves being used in builder? - slavenames=c['slaves'], + slavenames=slavenames, factory=factory)) ####### Status of Builds @@ -84,7 +85,7 @@ let irc = words.IRC("irc.freenode.net", "krebsbuild", channels=["krebs"], notify_events={ - 'sucess': 1, + 'success': 1, 'failure': 1, 'exception': 1, 'successToFailure': 1, @@ -145,26 +146,34 @@ let description = "Buildbot Master"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig = { + serviceConfig = let + workdir="${lib.shell.escape cfg.workDir}"; + in { + pidfile="${workdir}/twistd.pid"; PermissionsStartOnly = true; + Type = "forking"; + PIDFile = "${workdir}/twistd.pid"; # TODO: maybe also prepare buildbot.tac? ExecStartPre = pkgs.writeScript "buildbot-master-init" '' #!/bin/sh set -efux - workdir=${lib.shell.escape cfg.workDir} - if [ ! -e $workdir ];then - mkdir -p $workdir - ${buildbot}/bin/buildbot create-master -r -l 10 -f $workdir - chown buildbotMaster:buildbotMaster $workdir + if [ ! -e ${workdir} ];then + mkdir -p ${workdir} + ${buildbot}/bin/buildbot create-master -r -l 10 -f ${workdir} fi # always override the master.cfg - cp ${toString buildbot-master-config} "$workdir/master.cfg" + cp ${buildbot-master-config} ${workdir}/master.cfg # sanity - ${buildbot}/bin/buildbot checkconfig $workdir - # upgrade - ${buildbot}/bin/buildbot upgrade-master $workdir + ${buildbot}/bin/buildbot checkconfig ${workdir} + + # TODO: maybe upgrade? + # ${buildbot}/bin/buildbot upgrade-master ${workdir} + + chown buildbotMaster:buildbotMaster -R ${workdir} ''; - ExecStart = "${buildbot}/bin/buildbot ${lib.shell.escape cfg.workDir}"; + ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; + ExecStop = "${buildbot}/bin/buildbot stop ${workdir}"; + ExecReload = "${buildbot}/bin/buildbot reconfig ${workdir}"; PrivateTmp = "true"; User = "buildbotMaster"; Restart = "always"; From c95085d875ac72152dcfbaceb35364203f97db7d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 10:42:20 +0100 Subject: [PATCH 11/24] m 3 buildbot: add to imports --- makefu/3modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index a8a1f69d0..4b2b36e64 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -2,6 +2,7 @@ _: { imports = [ + ./buildbot/master.nix ]; } From 09f4611f38ecaf471a54c09fc3fa9350ffe3f0b9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 10:42:40 +0100 Subject: [PATCH 12/24] m 2 default: add aliases, pythonstartup env --- makefu/2configs/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 519635281..c0d7685e3 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -104,6 +104,8 @@ with lib; HISTSIZE=900001 HISTFILESIZE=$HISTSIZE + PYTHONSTARTUP="~/.pythonrc"; + shopt -s checkhash shopt -s histappend histreedit histverify shopt -s no_empty_cmd_completion @@ -123,6 +125,9 @@ with lib; environment.shellAliases = { lsl = "ls -lAtr"; + psg = "ps -ef | grep"; + nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; + grep = "grep --color=auto"; }; nixpkgs.config.packageOverrides = pkgs: { From c20d38e11ecf38dda8931769a04cdcdf96f88c3f Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:40:18 +0100 Subject: [PATCH 13/24] m 2 base-gui: write xdefaults, obsoletes ~/.Xdefaults --- makefu/2configs/base-gui.nix | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/makefu/2configs/base-gui.nix b/makefu/2configs/base-gui.nix index 16a5386ca..1d6750284 100644 --- a/makefu/2configs/base-gui.nix +++ b/makefu/2configs/base-gui.nix @@ -73,4 +73,33 @@ in enable = true; # systemWide = true; }; + services.xserver.displayManager.sessionCommands = let + xdefaultsfile = pkgs.writeText "Xdefaults" '' + cat |derp < Date: Wed, 16 Dec 2015 11:40:48 +0100 Subject: [PATCH 14/24] m 2 zsh-user: load gpg-agent, obsoletes oh-my-zsh ssh plugin --- makefu/2configs/zsh-user.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 266ce256a..1b1762418 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -22,6 +22,16 @@ in autoload -U compinit && compinit zstyle ':completion:*' menu select + + # load gpg-agent + envfile="$HOME/.gnupg/gpg-agent.env" + if [ -e "$envfile" ] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then + eval "$(cat "$envfile")" + else + eval "$(${pkgs.gnupg}/bin/gpg-agent --daemon --enable-ssh-support --write-env-file "$envfile")" + fi + export GPG_AGENT_INFO + export SSH_AUTH_SOCK ''; promptInit = '' From 27746f9a3dffe6adde137d300e498249843174d9 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:43:56 +0100 Subject: [PATCH 15/24] m 2 wwan: add alias for umts when wwan is loaded --- makefu/2configs/wwan.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/makefu/2configs/wwan.nix b/makefu/2configs/wwan.nix index dd1c63090..29a610ac6 100644 --- a/makefu/2configs/wwan.nix +++ b/makefu/2configs/wwan.nix @@ -9,6 +9,10 @@ in { wvdial ]; + environment.shellAliases = { + umts = "sudo wvdial netzclub"; + }; + # configure for NETZCLUB environment.wvdial.dialerDefaults = '' Phone = *99***1# From 5af1d1c7b14c08ba1c0198cc9771c452218670b0 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:54:58 +0100 Subject: [PATCH 16/24] m 2 Reaktor: sed-plugin fix name --- makefu/2configs/Reaktor/sed-plugin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/2configs/Reaktor/sed-plugin.nix b/makefu/2configs/Reaktor/sed-plugin.nix index 1ec977116..a451e0d3e 100644 --- a/makefu/2configs/Reaktor/sed-plugin.nix +++ b/makefu/2configs/Reaktor/sed-plugin.nix @@ -7,7 +7,7 @@ in { #TODO: this will eat up the last regex, fix Reaktor krebs.Reaktor.extraConfig = '' public_commands.append({ - 'capname' : "shack-correct", + 'capname' : "sed-plugin", # only support s///gi 'pattern' : '^(?P.*)$$', 'argv' : ["${pkgs.python3}/bin/python3","${script}"], From 104381af7cf34602064e57b0f2cfae18f2ecc063 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:59:01 +0100 Subject: [PATCH 17/24] k 5 snapraid: init --- krebs/5pkgs/snapraid/default.nix | 33 ++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 krebs/5pkgs/snapraid/default.nix diff --git a/krebs/5pkgs/snapraid/default.nix b/krebs/5pkgs/snapraid/default.nix new file mode 100644 index 000000000..41db0f284 --- /dev/null +++ b/krebs/5pkgs/snapraid/default.nix @@ -0,0 +1,33 @@ +{stdenv, fetchurl}: +let + s = # Generated upstream information + rec { + baseName="jq"; + version="1.5"; + name="${baseName}-${version}"; + url=https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz; + sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4"; + }; + buildInputs = [ + ]; +in +stdenv.mkDerivation { + inherit (s) name version; + inherit buildInputs; + src = fetchurl { + inherit (s) url sha256; + }; + + # jq is linked to libjq: + configureFlags = [ + "LDFLAGS=-Wl,-rpath,\\\${libdir}" + ]; + meta = { + inherit (s) version; + description = ''A lightweight and flexible command-line JSON processor''; + license = stdenv.lib.licenses.mit ; + maintainers = [stdenv.lib.maintainers.raskin]; + platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; + }; +} + From edf646ee9211920a7eb85c13e567ecc748d014f4 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 11:59:26 +0100 Subject: [PATCH 18/24] s 2 graphite: init config --- shared/2configs/graphite.nix | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 shared/2configs/graphite.nix diff --git a/shared/2configs/graphite.nix b/shared/2configs/graphite.nix new file mode 100644 index 000000000..707ec6e9a --- /dev/null +++ b/shared/2configs/graphite.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +# graphite-web on port 8080 +# carbon cache on port 2003 (tcp/udp) + +# TODO: krebs.graphite.minimal.enable +# TODO: configure firewall +with lib; +{ + imports = [ ]; + + services.graphite = { + web = { + enable = true; + host = "0.0.0.0"; + }; + carbon = { + enableCache = true; + # save disk usage by restricting to 1 bulk update per second + config = '' + [cache] + MAX_CACHE_SIZE = inf + MAX_UPDATES_PER_SECOND = 1 + MAX_CREATES_PER_MINUTE = 50 + ''; + storageSchemas = '' + [carbon] + pattern = ^carbon\. + retentions = 60:90d + + [default] + pattern = .* + retentions = 60s:30d,300s:1y + ''; + }; + }; +} From f7da5211f3fe930f9a01317cf7fa9d52915c06e8 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 12:06:44 +0100 Subject: [PATCH 19/24] m 1 omo: init --- krebs/3modules/makefu/default.nix | 25 +++++++++++++++++++++ makefu/1systems/omo.nix | 37 +++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 makefu/1systems/omo.nix diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 3d1ac6cfb..1970a0777 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -263,6 +263,31 @@ with lib; }; }; }; + + omo = rec { + cores = 2; + dc = "makefu"; #AMD E350 + + nets = { + retiolum = { + addrs4 = ["10.243.0.89"]; + addrs6 = ["42:f9f0::10"]; + aliases = [ + "omo.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAuHQEeowvxRkoHJUw6cUp431pnoIy4MVv7kTLgWEK46nzgZtld9LM + ZdNMJB9CuOVVMHEaiY6Q5YchUmapGxwEObc0y+8zQxTPw3I4q0GkSJqKLPrsTpkn + sgEkHPfs2GVdtIBXDn9I8i5JsY2+U8QF8fbIQSOO08/Vpa3nknDAMege9yEa3NFm + s/+x+2pS+xV6uzf/H21XNv0oufInXwZH1NCNXAy5I2V6pz7BmAHilVOGCT7g2zn6 + GasmofiYEnro4V5s8gDlQkb7bCZEIA9EgX/HP6fZJQezSUHcDCQFI0vg26xywbr6 + 5+9tTn8fN2mWS5+Pdmx3haX1qFcBP5HglwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; gum = rec { cores = 1; dc = "online.net"; #root-server diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix new file mode 100644 index 000000000..6ae79398a --- /dev/null +++ b/makefu/1systems/omo.nix @@ -0,0 +1,37 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/fs/single-partition-ext4.nix + ../2configs/tinc-basic-retiolum.nix + ../2configs/exim-retiolum.nix + ]; + krebs.build.host = config.krebs.hosts.omo; + + # AMD E350 + boot = { + loader.grub.device = "/dev/sda"; + + initrd.availableKernelModules = [ + "usb_storage" + "ahci" + "xhci_hcd" + "ata_piix" + "uhci_hcd" + "ehci_pci" + ]; + + kernelModules = [ ]; + extraModulePackages = [ ]; + }; + + hardware.enableAllFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + + networking.firewall.allowPing = true; +} From 3d26e0b58f4c692f2f412ecc838f0b766b97947e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 12:23:55 +0100 Subject: [PATCH 20/24] m 1 vbob: use custom nixpkgs, /nix mount --- makefu/1systems/vbob.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index b121a730a..6bcdb3ecd 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -13,10 +13,17 @@ # environment - ../2configs/zsh-user.nix - ../2configs/virtualization.nix ]; - + krebs.build.source.git.nixpkgs = { + #url = https://github.com/nixos/nixpkgs; + # HTTP Everywhere + rev = "a3974e"; + }; + fileSystems."/nix" = { + device ="/dev/disk/by-label/nixstore"; + fsType = "ext4"; + }; + #makefu.buildbot.master.enable = true; # allow vbob to deploy self users.extraUsers = { root = { @@ -40,8 +47,8 @@ connectTo = [ "gum" ]; - }; + networking.proxy.default = "http://global.proxy.alcatel-lucent.com:8000"; fileSystems."/media/share" = { fsType = "vboxsf"; @@ -50,3 +57,4 @@ }; } + From a4abf300d8adea5a454f8664f2de6dd8e9095216 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 12:29:24 +0100 Subject: [PATCH 21/24] m 2 main-laptop: use zsh for main-laptop --- makefu/1systems/pornocauster.nix | 4 +--- makefu/2configs/main-laptop.nix | 1 + 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix index 6f176b7fa..28b77d330 100644 --- a/makefu/1systems/pornocauster.nix +++ b/makefu/1systems/pornocauster.nix @@ -6,14 +6,12 @@ { imports = [ # Include the results of the hardware scan. - ../2configs/main-laptop.nix #< base-gui + ../2configs/main-laptop.nix #< base-gui + zsh # Krebs ../2configs/tinc-basic-retiolum.nix #../2configs/disable_v6.nix - # environment - ../2configs/zsh-user.nix # applications diff --git a/makefu/2configs/main-laptop.nix b/makefu/2configs/main-laptop.nix index 00a3e73ca..b725f661d 100644 --- a/makefu/2configs/main-laptop.nix +++ b/makefu/2configs/main-laptop.nix @@ -9,6 +9,7 @@ with lib; imports = [ ./base-gui.nix ./fetchWallpaper.nix + ./zsh-user.nix ]; environment.systemPackages = with pkgs;[ vlc From 20a52c8dee414e89dba49f4a4a12e20d6555c55e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 14:29:46 +0100 Subject: [PATCH 22/24] m 3 buildbot/master: make irc configurable --- makefu/3modules/buildbot/master.nix | 66 +++++++++++++++++++++++------ 1 file changed, 52 insertions(+), 14 deletions(-) diff --git a/makefu/3modules/buildbot/master.nix b/makefu/3modules/buildbot/master.nix index d8e917a21..5d340f899 100644 --- a/makefu/3modules/buildbot/master.nix +++ b/makefu/3modules/buildbot/master.nix @@ -81,17 +81,19 @@ let c['status'].append(html.WebStatus(http_port=8010, authz=authz_cfg)) from buildbot.status import words - # TODO: configure IRC Bot - irc = words.IRC("irc.freenode.net", "krebsbuild", - channels=["krebs"], - notify_events={ - 'success': 1, - 'failure': 1, - 'exception': 1, - 'successToFailure': 1, - 'failureToSuccess': 1, - },allowForce=True) - c['status'].append(irc) + ${optionalString (cfg.irc.enable) '' + irc = words.IRC("${cfg.irc.server}", "krebsbuild", + # TODO: multiple channels + channels=["${cfg.irc.channel}"], + notify_events={ + 'success': 1, + 'failure': 1, + 'exception': 1, + 'successToFailure': 1, + 'failureToSuccess': 1, + }${optionalString cfg.irc.allowForce ",allowForce=True"}) + c['status'].append(irc) + ''} ####### PROJECT IDENTITY c['title'] = "Stockholm" @@ -119,7 +121,42 @@ let Will be created on startup. ''; }; - + irc = mkOption { + default = {}; + type = types.submodule ({ config, ... }: { + options = { + enable = mkEnableOption "Buildbot Master IRC Status"; + channel = mkOption { + default = "nix-buildbot-meetup"; + type = types.str; + description = '' + irc channel the bot should connect to + ''; + }; + allowForce = mkOption { + default = false; + type = types.bool; + description = '' + Determines if builds can be forced via IRC + ''; + }; + nick = mkOption { + default = "nix-buildbot"; + type = types.str; + description = '' + nickname for IRC + ''; + }; + server = mkOption { + default = "irc.freenode.net"; + type = types.str; + description = '' + Buildbot Status IRC Server to connect to + ''; + }; + }; + }); + }; extraConfig = mkOption { default = ""; type = types.lines; @@ -149,7 +186,6 @@ let serviceConfig = let workdir="${lib.shell.escape cfg.workDir}"; in { - pidfile="${workdir}/twistd.pid"; PermissionsStartOnly = true; Type = "forking"; PIDFile = "${workdir}/twistd.pid"; @@ -166,9 +202,11 @@ let # sanity ${buildbot}/bin/buildbot checkconfig ${workdir} - # TODO: maybe upgrade? + # TODO: maybe upgrade? not sure about this + # normally we should write buildbot.tac by our own # ${buildbot}/bin/buildbot upgrade-master ${workdir} + chmod 700 -R ${workdir} chown buildbotMaster:buildbotMaster -R ${workdir} ''; ExecStart = "${buildbot}/bin/buildbot start ${workdir}"; From 2156aa4d37071408b8e5385a4f639ed029f70620 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 14:30:01 +0100 Subject: [PATCH 23/24] m 3 buildbot/slave: init --- makefu/3modules/buildbot/slave.nix | 159 +++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 makefu/3modules/buildbot/slave.nix diff --git a/makefu/3modules/buildbot/slave.nix b/makefu/3modules/buildbot/slave.nix new file mode 100644 index 000000000..188a9283c --- /dev/null +++ b/makefu/3modules/buildbot/slave.nix @@ -0,0 +1,159 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + buildbot-slave-init = pkgs.writeText "buildbot-slave.tac" '' + import os + + from buildslave.bot import BuildSlave + from twisted.application import service + + basedir = '${cfg.workDir}' + rotateLength = 10000000 + maxRotatedFiles = 10 + + application = service.Application('buildslave') + + from twisted.python.logfile import LogFile + from twisted.python.log import ILogObserver, FileLogObserver + logfile = LogFile.fromFullPath(os.path.join(basedir, "twistd.log"), rotateLength=rotateLength, + maxRotatedFiles=maxRotatedFiles) + application.setComponent(ILogObserver, FileLogObserver(logfile).emit) + + buildmaster_host = '${cfg.masterhost}' + # TODO: masterport? + port = 9989 + slavename = '${cfg.username}' + passwd = '${cfg.password}' + keepalive = 600 + usepty = 0 + umask = None + maxdelay = 300 + allow_shutdown = None + + ${cfg.extraConfig} + + s = BuildSlave(buildmaster_host, port, slavename, passwd, basedir, + keepalive, usepty, umask=umask, maxdelay=maxdelay, + allow_shutdown=allow_shutdown) + s.setServiceParent(application) + ''; + + cfg = config.makefu.buildbot.slave; + + api = { + enable = mkEnableOption "Buildbot Slave"; + + workDir = mkOption { + default = "/var/lib/buildbot/slave"; + type = types.str; + description = '' + Path to build bot slave directory. + Will be created on startup. + ''; + }; + + masterhost = mkOption { + default = "localhost"; + type = types.str; + description = '' + Hostname/IP of the buildbot master + ''; + }; + + username = mkOption { + type = types.str; + description = '' + slavename used to authenticate with master + ''; + }; + + password = mkOption { + type = types.str; + description = '' + slave password used to authenticate with master + ''; + }; + + contact = mkOption { + default = "nix slave "; + type = types.str; + description = '' + contact to be announced by buildslave + ''; + }; + + description = mkOption { + default = "Nix Generated BuildSlave"; + type = types.str; + description = '' + description for hostto be announced by buildslave + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + example = '' + port = 443 + keepalive = 600 + ''; + description = '' + extra config evaluated before calling BuildSlave init in .tac file + ''; + }; + }; + + imp = { + + users.extraUsers.buildbotSlave = { + uid = 1408105834; #genid buildbotMaster + description = "Buildbot Slave"; + home = cfg.workDir; + createHome = false; + }; + + users.extraGroups.buildbotSlave = { + gid = 1408105834; + }; + + systemd.services."buildbotSlave-${cfg.username}-${cfg.masterhost}" = { + description = "Buildbot Slave for ${cfg.username}@${cfg.masterhost}"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = let + workdir = "${lib.shell.escape cfg.workDir}"; + contact = "${lib.shell.escape cfg.contact}"; + description = "${lib.shell.escape cfg.description}"; + buildbot = pkgs.buildbot-slave; + # TODO:make this + in { + PermissionsStartOnly = true; + Type = "forking"; + PIDFile = "${workdir}/twistd.pid"; + # TODO: maybe also prepare buildbot.tac? + ExecStartPre = pkgs.writeScript "buildbot-master-init" '' + #!/bin/sh + set -efux + mkdir -p ${workdir}/info + cp ${buildbot-slave-init} ${workdir}/buildbot.tac + echo ${contact} > ${workdir}/info/admin + echo ${description} > ${workdir}/info/host + + chown buildbotSlave:buildbotSlave -R ${workdir} + chmod 700 -R ${workdir} + ''; + ExecStart = "${buildbot}/bin/buildslave start ${workdir}"; + ExecStop = "${buildbot}/bin/buildslave stop ${workdir}"; + PrivateTmp = "true"; + User = "buildbotSlave"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +in +{ + options.makefu.buildbot.slave = api; + config = mkIf cfg.enable imp; +} From 8f18b00ab141df92b7df4725a18bb3283b184d76 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 16 Dec 2015 14:30:21 +0100 Subject: [PATCH 24/24] m 1 vbob: configure buildbot master and slave --- makefu/1systems/vbob.nix | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/makefu/1systems/vbob.nix b/makefu/1systems/vbob.nix index 6bcdb3ecd..5b03d40a8 100644 --- a/makefu/1systems/vbob.nix +++ b/makefu/1systems/vbob.nix @@ -2,8 +2,9 @@ # # { lib, config, pkgs, ... }: - -{ +let + pkgs-unst = import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; +in { krebs.build.host = config.krebs.hosts.vbob; krebs.build.target = "root@10.10.10.220"; imports = @@ -14,6 +15,28 @@ # environment ]; + nixpkgs.config.packageOverrides = pkgs: { + tinc = pkgs.tinc_pre; + buildbot = pkgs-unst.buildbot; + buildbot-slave = pkgs-unst.buildbot-slave; + }; + + makefu.buildbot.master = { + enable = true; + irc = { + enable = true; + server = "cd.retiolum"; + channel = "retiolum"; + allowForce = true; + }; + }; + makefu.buildbot.slave = { + enable = true; + masterhost = "localhost"; + username = "testslave"; + password = "krebspass"; + }; + krebs.build.source.git.nixpkgs = { #url = https://github.com/nixos/nixpkgs; # HTTP Everywhere @@ -30,9 +53,11 @@ openssh.authorizedKeys.keys = [ config.krebs.users.makefu-vbob.pubkey ]; }; }; - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; environment.systemPackages = with pkgs;[ + buildbot + buildbot-slave get + genid ]; networking.firewall.allowedTCPPorts = [